
Open source: Getting angry, getting better

April 25, 2014
Last week, I explored some of the important issues raised by the discovery of a major flaw in the widely-used open source program OpenSSL, and how that might be addressed. Since then, a couple of things have happened.

First, people have started working on fixing the evident lack of support for core open source projects. Here's a potentially important new initiative to do that, led by the Linux Foundation:

The Linux Foundation today announced it has formed a new project to fund and support critical elements of the global information infrastructure. The Core Infrastructure Initiative enables technology companies to collaboratively identify and fund open source projects that are in need of assistance, while allowing the developers to continue their work under the community norms that have made open source so successful. Founding backers of the Initiative include Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation.

The first project under consideration to receive funds from the Initiative will be OpenSSL, which could receive fellowship funding for key developers as well as other resources to assist the project in improving its security, enabling outside reviews, and improving responsiveness to patch requests.

The Core Infrastructure Initiative is a multi-million dollar project organized by The Linux Foundation to fund open source projects that are in the critical path for core computing and Internet functions. Galvanized by the Heartbleed OpenSSL crisis, the Initiative’s funds will be administered by The Linux Foundation and a steering group comprised of backers of the project as well as key open source developers and other industry stakeholders. Support from the initiative will include funding for fellowships for key developers to work full-time on open source projects, security audits, computing and test infrastructure, travel, face-to-face meeting coordination and other support.

That's good to see. Let's hope that it represents the start of a much broader and sustained understanding that free-riding on free software may be permissible but is really bad business. It's worth noting that one of the sponsors of the Core Infrastructure Initiative is Microsoft, which is also welcome.

The second development, alongside that move from the corporate side of things, comes from the coders: OpenBSD founder Theo de Raadt has forked OpenSSL to produce a new project, LibreSSL (it looks like LibreOffice may have started something in the naming department). Here's why:

When asked why he wanted to start over instead of helping to make OpenSSL better, de Raadt said the existing code is too much of a mess.

 
